Hello,
I'm interested in configuring stunnel to allow my local non-TLS Web browser to receive pages from a remote server providing only HTTPS.
This section of https://www.stunnel.org/static/stunnel.html appears relevant.

transparent = none | source | destination | both (Unix only)
    enable transparent proxy support on selected platforms
    ...
    destination
        The original destination is used instead of the connect option.

        A service section for transparent destination may look like this:

            [transparent]
            client = yes
            accept = <stunnel_port>
            transparent = destination

        This configuration requires iptables setup to work, possibly in /etc/rc.local or equivalent file.
        ...
        For a connect target installed on a remote host:

            /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
            /sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
                -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>

        The transparent destination option is currently only supported on Linux.

====================================

Substitution of parameters for my context gives these configurations:

    [transparent]
    client = yes
    accept = 127.0.0.1:954
    transparent = destination

    /sbin/iptables -I INPUT -i eth0 -p tcp --dport 954 -j ACCEPT
    /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 \
        -i eth0 -j DNAT --to-destination 127.0.0.1:954

The non-TLS browser would address http://www.stunnel.org:954/ and receive the page from https://www.stunnel.org:443/. According to Wikipedia, 954 is not assigned.
The browser would continue to receive the page http://www.website.org/ without involvement of stunnel or iptables.
Plausible?
Thanks, ... P.
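
For comparison, a non-transparent client-mode service with a fixed connect target and server certificate verification, as an added example that is not part of the original post or of the stunnel manual. The section name and the CAfile path (a Debian-style CA bundle) are assumptions; the port and hostname are the ones used in the post.

```ini
; Added example: stunnel client service with a fixed target and server authentication.
[https-client]
client = yes
; Listen on loopback only so other hosts cannot use the tunnel.
accept = 127.0.0.1:954
; Fixed remote target instead of "transparent = destination".
connect = www.stunnel.org:443
; Send the hostname in the TLS handshake (SNI) for name-based virtual hosts.
sni = www.stunnel.org
; Without verifyChain, CAfile and checkHost stunnel does not authenticate
; the server, so the TLS leg could be intercepted without any error.
verifyChain = yes
; Assumption: Debian-style CA bundle path; adjust for the local system.
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = www.stunnel.org
```

With a service of this shape the browser connects to 127.0.0.1:954 directly and no iptables rules are involved.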